Protecting Apache uri with keycloak auth

Question

I'm trying to configure Apache and Keyloak to grant access to users according to their roles.

I'm trying to start with a simple configuration. so I created directory called demo1 in /var/www/ and then dir1 and dir2 inside demo1, next I created two html files in dir1 and dir2.

To sum up :

/var/www---demo1 ----- dir1 --- file1.html
                   |
                   --- dir2 --- file2.html

I have configured keycloak as follow:

Keycloak Client Config

And I have configured Apache as follow:

Listen 8080 http

<VirtualHost *:8080>

        ServerAdmin webmaster@localhost
        DocumentRoot /var/www/html



        #this is required by mod_auth_openidc

        OIDCCryptoPassphrase passphrase
        OIDCProviderMetadataURL http://192.168.56.101:8080/auth/realms/master/.well-known/openid-configuration
        OIDCClientID demo-apache
        OIDCClientSecret ba002619-5ab5-41b4-aed3-338e4a3235ef
        OIDCRedirectURI http://192.168.56.104:8080/demo1/redirect_uri

        # maps the prefered_username claim to the REMOTE_USER environment variable #
        OIDCRemoteUserClaim preferred_username


        <Location /demo1/dir1 >
                AuthType openid-connect
                Require valid-user
                Loglevel debug
        </Location>

        <Location /demo1/dir2 >
                AuthType openid-connect
                Require valid-user
                Loglevel debug
        </Location>

</VirtualHost>

When I try to have acces to the /demo1/dir1/ I get prompted to enter user/password, but instead of getting dir1, I get 404 Not Found The requested URL /demo1/redirect_uri was not found on this server.

How can i get the content of dir1 and dir2 ?

Any help would be appreciated.

Thank you

Answer 1

You also need to protect demo1/redirect_uri as pointed out in the README.md and sample auth_openidc.conf.